camille ~ # glsa-check -t all
This system is affected by the following GLSAs:
200801-19
camille ~ # glsa-check -d 200801-19
GLSA 200801-19:
GOffice: Multiple vulnerabilities
============================================================================
Synopsis:          Multiple vulnerabilities in GOffice could result in the
                   execution of arbitrary code.
Announced on:      January 30, 2008
Last revised on:   January 30, 2008: 01

Affected package:  x11-libs/goffice
Affected archs:    All
Vulnerable:        <0.6.1
Unaffected:        >=0.6.1 >=~0.4.3

Related bugs:      198385

Background:        GOffice is a library of document-centric objects and
                   utilities based on GTK.

Description:       GOffice includes a copy of PCRE which is vulnerable to
                   multiple buffer overflows and memory corruptions
                   vulnerabilities (GLSA 200711-30).

Impact:            An attacker could entice a user to open specially crafted
                   documents with GOffice, which could possibly lead to the
                   execution of arbitrary code, a Denial of Service or the
                   disclosure of sensitive information.

Workaround:        There is no known workaround at this time.

Resolution:        All GOffice 0.4.x users should upgrade to the latest
                   version:

                   # emerge --sync
                   # emerge --ask --oneshot --verbose ">=x11-libs/goffice-0.4.3"
                   All GOffice 0.6.x users should upgrade to the latest
                   version:

                   # emerge --sync
                   # emerge --ask --oneshot --verbose ">=x11-libs/goffice-0.6.1"

References:
                   GLSA-200711-30:
                   http://www.gentoo.org/security/en/glsa/glsa-200711-30.xml


camille ~ # emerge -pv ">=x11-libs/goffice-0.6.1"

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild R ] x11-libs/goffice-0.6.1 USE="gnome -debug" 0 kB

Total: 1 package (1 reinstall), Size of downloads: 0 kB

I've emerged this several times and glsa-check still claims it needs to
be fixed. Why?

--
gentoo-user@l.g.o mailing list